Fundamentals of Audit and Assurance Engagements

Assurance Services/Engagements:
• Assurance services – independent professional services in which a practitioner issues a written communication that
expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria
• Assurance engagement – an engagement in which a practitioner expresses a conclusion designed to enhance the
degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria

Objective of Assurance Engagements:

According to the Philippine Framework for Assurance Engagements, an assurance engagement is conducted:
a. To provide a high level of assurance that the subject matter conforms in all material respects with identified suitable
criteria; or
b. To provide a moderate level of assurance that the subject matter is plausible in the circumstances.

Types of Assurance Engagements and their Objectives:

1. Reasonable assurance engagements – engagements that provide high, but not absolute, level of assurance
• Also called high-level engagements
• The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably
low level as the basis for a positive form of expression of the practitioner’s conclusion.
• Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably low level (close to zero).
• For assurance engagements regarding historical financial information in particular, reasonable assurance
engagements are called audit engagements. An audit engagement is an assurance engagement to provide a high
level of assurance that the financial statements are free of material misstatement. This high level of assurance is
expressed positively in the audit report as “reasonable assurance”.

Key Factors why Absolute Assurance is unattainable

In assurance engagements, absolute assurance is generally not attainable because of such factors as:
✓ Use of judgment
✓ Use of testing
✓ Inherent limitations of internal control
✓ Most evidence available to the practitioner is persuasive rather than conclusive
✓ In some cases, the characteristics of the subject matter

2. Limited assurance engagements – engagements that provide only a “moderate” or “limited” level of assurance
• The objective of a limited assurance engagement is a reduction in assurance engagement risk to an acceptable
level as the basis for a negative form of expression of the practitioner’s conclusion. Thus, the risk in limited
assurance engagement is greater than for a reasonable assurance engagement.

Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter
information is materially misstated.

Assertion-based and Direct Reporting Engagements:

1. Assertion based engagements – evaluation or measurement of the subject matter is performed by the responsible
party, and the subject matter information is in the form of an assertion by the responsible party that is made available to
the interested users
Assertion-based engagements are also known as attestation engagements Examples of
assertion-based engagements:
a. Audit engagements
b. Review engagements
2. Direct reporting engagements – the practitioner either directly performs the evaluation or measurement of the subject
matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that
is not available to the intended users

Range of Assurance Engagements:

a. Engagements to report on a broad range of subject matters covering financial and non-financial information
b. Attest and direct reporting engagements
c. Engagements to report internally and externally, and
d. Engagements in the private and public sector

Examples of Assurance Engagements:

1. Audits of financial statements
2. Examination of prospective financial statements
 3. Reporting on compliance with laws, rules and regulations
4. Other assurance services:
a. CPA risk advisory
b. Business performance measurement services
c. Health care performance measurement services
d. Elder Care Plus
e. Risk Assessment Services
f. CPA Web Trust Service
g. Information Systems Reliability

Elements of Assurance Engagements:

Not all engagements performed by practitioners are assurance engagements. An assurance engagement must have the following
elements:
1. Three party relationship (involving a practitioner, a responsible party and intended users)
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance
engagement

1.) Three Party Relationship:

a. Practitioner – CPA in public practice who performs the assurance engagement
b. Responsible party – person/s who is responsible for the subject matter or the assertion (subject matter information)
For example, an entity’s management is responsible for the preparation and presentation of financial statements or the
establishment and implementation of internal control.
c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the assurance report; they
are the users to whom the practitioner usually addresses the report
Responsible party and intended user:
• The responsible party and the intended users may be from different entities or the same entity.
• The practitioner may be engaged by the responsible party or the intended user.
• The responsible party can be one of the intended users, but not the only one.
• Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may
be other intended users. In cases where the CPA may not be able to identify all intended users, intended users
may be limited to major stockholders with significant and common interests.
• In some circumstances, the intended user may be established by law.
• The responsible party may also be one of the intended users.
• The intended user may be established by agreement between the practitioner and responsible party or those
engaging or employing the practitioner.

2.) Appropriate Subject Matter:

Subject matter refers to the information to be evaluated or measured against the criteria.
Subject matter information means the outcome of the evaluation or measurement of a subject matter.

Subject matter in an audit of financial statements:

• Subject matter includes the financial position, financial performance and cash flows of the entity
• Subject matter information is the set of financial statements
• Responsible party is the client/entity management

Requirements for subject matter to be considered appropriate:

a. Identifiable
b. Capable of consistent evaluation and measurement against suitable criteria
c. In the form that can be subjected to procedures for gathering evidence to support that evaluation or measurement

Forms of subject matter of an assurance engagement:

1. Financial performance or conditions (for example, historical or prospective financial position, financial
performance and cash flows) for which the subject matter information may
be the recognition, measurement, presentation and disclosure represented in the financial statements
2. Non-financial performance or conditions (for example, performance indicators of an entity) for which the subject
matter information may be key indicators of efficiency and effectiveness
3. Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a
specifications document
 4. Systems and processes (for example, entity’s internal control or IT system) for which the subject matter
information may be an assertion about effectiveness
5. Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which
the subject matter information may be a statement of compliance or a statement of effectiveness

Suitable Criteria:
Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an assurance engagement,
including, where relevant, benchmarks for presentation and disclosure. Without frame of reference provided by suitable criteria,
any conclusion is open to individual interpretation and misunderstanding.

Five characteristics of suitable criteria:

a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the intended users
b. Completeness – criteria are sufficiently complete when relevant factors that could affect the conclusions in the
context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks
for presentation and disclosure.
c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the subject matter when
used in similar circumstances by similarly qualified practitioners
d. Neutrality – neutral criteria contribute to conclusions that are free from bias
e. Understandability – understandable criteria contribute to conclusions that are clear, comprehensive, and not
subject to significantly different interpretations

Two types of criteria:

1. Established criteria – are those criteria that are embodied in laws or regulations or issued by authorized or recognized
bodies of experts that follow a transparent due process Examples:
2. Specifically developed criteria – those criteria specifically designed for the purpose of the engagement
Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their
suitability for a particular engagement.

Examples of suitable criteria:

• Applicable financial reporting framework which is the Philippine Financial Reporting Standards (PFRS) – in case
of audit of financial statements
• Applicable law or regulation or contract – in case of compliance audit
• Established internal control framework or stated internal control criteria – in case of report on internal control

Availability of criteria to intended users:

Criteria need to be made available to the intended users in one or more of the following ways:
a. Publicly
b. Through inclusion in a clear manner in the presentation of the subject matter information
c. Through inclusion in a clear manner in the assurance report
d. By general understanding, for example, the criterion for measuring time in hours and minutes

Sufficient Appropriate Evidence:

The practitioner shall plan and perform the engagement with an attitude of professional skepticism to obtain sufficient appropriate
evidence that the assertions are free of material misstatements.
Professional skepticism – an attitude that includes a questioning mind, being alert to conditions which may indicate
possible misstatement due to error or fraud, and a critical assessment of evidence
Evidence – refers to the information obtained by the practitioner in arriving at the conclusions on which the conclusion is
based
Sufficiency – refers to the measure of the quantity of evidence
Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its reliability

Written Assurance Report:

A written assurance report should be in the form appropriate to a reasonable assurance engagement or a limited assurance
engagement.

The practitioner should provide a written report containing a conclusion that conveys the assurance obtained about the subject
matter information. In addition, the practitioner considers other reporting responsibilities, including communicating with those
charged with governance when it is appropriate to do so.

Levels of assurance provided in the written report:

Type or level of Form of conclusions Example
assurance
Reasonable Positive form of expression of the “In our opinion internal control is effective, in all material
assurance practitioner’s conclusion respects, based on XYZ criteria.”
 Limited assurance Negative form of expression of the “Based on our work described in this report, nothing has
practitioner’s conclusion come to our attention that causes us to believe that internal
control is not effective, in all material respects, based on XYZ
criteria.”

Attestation Services:
An attestation service is a type of assurance service in which a practitioner is engaged to issue a written communication that
expresses a conclusion about the reliability of a written assertion that is the responsibility of another party. Attestation generally
refers to an expert's written communication of a conclusion about the reliability of someone else's assertions.

The subject matter of attestation services include:

• Financial and non-financial in nature
• Future-oriented financial information (such as the examination of prospective financial information)
• Management's discussion and analysis
• Effectiveness of internal control
• Compliance with statutory, regulatory, and contractual obligations

Relationships among Auditing, Attestation, and Assurance Services:

a. Similarity: These services are often used interchangeably because they encompass the same decision-process
b. Main difference/distinction: Scope of services
• “Assurance services” is broader in scope and in concept than either auditing or attestation. It encompasses both
audit and attestation services. Otherwise stated, attestation and audit services are subsets of assurance services.
• “Attestation services” is broader than audit because attest function is beyond historical FS. Attestation services
cover even non-GAAP FS.
• Auditing, particularly FS audit, is a type of assurance and attestation service that involves examination of historical
FS prepared in accordance with GAAP.

Non-assurance Engagements:
Not all engagements are assurance engagements. Other engagements performed by practitioners that do not meet the definition
of assurance engagement are classified as non-assurance engagements or services. Non-assurance engagements are those
that do not result in the practitioner’s expression of a conclusion that provides a level of assurance, whether negative assurance
or other form of assurance. The practitioner does not convey to the intended users any assurance as to the reliability of an
assertion.

The practitioner’s primary purpose for performing non-assurance services is to provide advice and technical assistance that will
enable a client to conduct its business more effectively.

Examples of non-assurance engagements:

1. Related services, such as:
a. Agreed-upon procedures engagements, and
b. Compilations of financial or other information engagements
2. Tax services (such as the preparation of tax returns where no conclusion conveying assurance is expressed)
3. Consulting (or advisory) engagements, such as management and tax consulting

Agreed-upon Procedures Engagements:

• Objective of agreed-upon procedures engagements: For the auditor to carry out procedures of an audit nature as
agreed by the auditor and the entity and any appropriate third parties and to report on factual findings
• No assurance is expressed in the report: The users/recipients of the report assess for themselves the procedures and
findings reported by the auditor and form their own conclusions from the report by the auditor.
• Distribution of report is restricted: The report on agreed upon procedures engagement is restricted to those parties
that have agreed to the procedures to be performed since others who are unaware of the reasons for the procedures
may misinterpret the results.
• According to PSRS 4400, the report on an agreed-upon procedures engagement needs to describe the purpose and the
agreed-upon procedures of the engagement in sufficient detail to enable the users of the report to understand the nature
and extent of the work performed.

Compilation of Financial or Other Information Engagements:

• Objective of compilation engagements: For the accountants to use accounting expertise, as opposed to auditing
expertise, to collect, classify and summarize financial information. Compilation engagements ordinarily include
preparation of financial statements.
• No test of assertions: A compilation engagement ordinarily entails reducing detailed data to a manageable and
understandable form without a requirement to test the assertions underlying that information.
 • No assurance is expressed in the report: The procedures employed are not designed to enable the accountant to
express any assurance on the financial information.
• Benefit to users: Users of the compiled financial information derive some benefit as a result of the accountant's
involvement because the service has been performed with professional competence and due care.

Tax Services:
1. Tax compliance – includes the preparation of tax returns (for individuals, corporations, estates and trusts, and other
entities) and acting as client’s representative to tax authorities or in tax litigations
2. Tax planning – includes the determination of the tax consequences of planned or potential transactions (legally
minimizing client’s tax liability) followed by making suggestions on the most desirable course of action

Management Consulting:
Management advisory (consulting) services – refers to the function of providing professional advisory (consulting) services, the
primary purpose of which is to improve client’s use of its capabilities and resources to achieve the objectives of the organization.
Advisory (consulting) services are professional services that provide advice and assistance to clients by improving their
condition directly. Advice or assistance to clients may cover the entity’s organization, operations, risk management, systems
design and implementation, process personnel, corporate finances, or other activities.

A pervasive characteristic of a CPA’s role in a consulting services engagement is that of being an objective advisor on the use of
information.

Assurance Services vs. Consulting Services:

Although assurance services and consulting services have basic similarities in terms of knowledge employed and exercise of
skills, they can be distinguished as follows:

Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation

The basic distinction between audit, review and related services is the level of assurance provided by the auditor in the
engagement.

Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party for use by another
party. The level of assurance is the degree of the practitioner’s satisfaction or degree of certainty the practitioner has attained
and wishes to convey to intended users. Such level or degree of assurance depends on the procedures performed and the
evidence collected by the practitioner.

Engagements and level of assurance:

1. Audit: The auditor provides a reasonable (high, but not absolute) level of assurance that the information subject to audit
is free of material misstatement. This is expressed positively in the audit report as reasonable assurance.
2. Reviews: The auditor provides a moderate/limited level of assurance that the information subject to review is free of
material misstatement. This is expressed in the form of negative assurance.
3. Agreed-upon procedures: No assurance is expressed. The auditor simply provides a report of the factual findings.
Users of the report assess for themselves the procedures and findings reported by the auditor and draw their own
conclusions from the auditor's work.
4. Compilation: Although the users of the compiled information derive some benefit from the accountant's involvement,
no assurance is expressed in the report.

Distinctions between Typical Assurance and Non-Assurance Services:

Point of Assurance Services Non-Assurance Services (Related Services)
distinction Audit Review Agreed-upon Compilation
procedures
Objective To express opinion on To report whether anything To perform audit To assist the client in
fairness of financial has come to the auditor’s procedures agreed on financial statements
statement attention that causes with the client preparation by using
him to believe that the and any appropriate third accounting expertise
financial statements are parties identified in the as opposed to auditing
not fair report expertise
Characteristics Audit opinion Substantially less in scope
• 1.) Recipients of the Accounting
enhances the of procedures than audit report must form their expertise, rather than
credibility of financial own conclusions from auditing, is used
statements the report • Users derive some benefit
2.) Report is restricted to because the service has
contracting parties been performed with due
professional skill and care
Evidence gathering Risk assessment, Limited to: As agreed Reading of the FS for obvious
procedures Tests of controls and Inquiry; and Analytical misstatements
Substantive tests procedures
(The auditor obtains an
understanding of the entity
and its environment,
including internal control,
but no evaluation of
internal control is
conducted.)
Level of assurance Reasonable Moderate (limited) No assurance No assurance
provided by the assurance assurance
CPA (High, but not
absolute, assurance)
Report provided Audit Report Review Report containing Factual findings of Compilation Report which
containing positive Negative assurance on procedures identify information
assurance on assertion compiled
assertion
Skills used by the Audit skills Audit skills Audit skills Accounting skills
auditor

Pronouncements on Assurance Engagements:

The following are the forms of pronouncements of the Auditing and Assurance Standards Council (AASC):
AASC Engagement Standards Applications Related Practice Statements

a. Philippine Standards on Auditing (PSAs) FS audit engagements Philippine Auditing Practice

Statements (PAPSs)
b. Philippine Standards on Review Engagements Review engagements Philippine Review Engagement
(PSREs) Practice Statements (PREPSs)

c. Philippine Standards on Assurance Other assurance engagements Philippine Assurance Engagement

Engagements (PSAEs) dealing with subject matters other Practice Statements (PAEPSs)
than historical financial
information

d. Philippine Standards on Related Services Related services Philippine Related Services Practice
(PSRSs) Statements (PRSPSs)

Other pronouncements:
a. Philippine Standards on Quality Control (PSQCs) – to be applied for all services that fall under the AASC’s
engagement standards, namely, audit, review, other assurance, and related services
b. Philippine Framework for Assurance Engagements – to be applied for assurance engagements

PSAs, PSREs, PSAEs, and PSRSs are collectively referred to as the AASC's Engagement Standards.

The AASC issues Practice Statements to provide interpretive guidance and practical assistance to practitioners in
implementing the Engagement Standards and to promote good practice.

Philippine Framework for Assurance Engagements:

The Framework:
• Defines and describes the elements and objectives of an assurance engagement.
• Identifies engagements to which assurance engagement standards (PSAs, PSREs, and PSAEs) apply Provides frame
of reference for:
a. Practitioners who perform assurance engagements (such as audit and review engagements)
b. Others involved with assurance engagements (such as the intended users and the responsible party), and
c. The International Auditing and Assurance Standards Board (IAASB) in its development of assurance engagement
standards which will be adopted by the AASC for application in the Philippines.
• Distinguishes assurance engagements and non-assurance engagements (non-assurance engagements are not covered
by the Framework).
• Sets out characteristics that must be exhibited before a practitioner can accept an assurance engagement.

Reports on Non-Assurance Engagements:

a. Should not use the words “assurance”, “audit” or “review”
b. Should not imply compliance with assurance engagement standards (PSAs, PSREs or PSAEs)
 c. Should not include a statement that may be misinterpreted as assurance engagements

Practitioner’s association with the subject matter: A practitioner is associated with financial information when:
a. The practitioner reports on information about that subject matter, that is, the practitioner attaches a report to that
financial information; or
b. The practitioner consents to the use of the his name in a professional connection with that subject matter

“If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner”

Remedies in case of inappropriate use of the practitioner’s name by other party:

If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter, the
practitioner should:
• Require the other party (i.e., management) to cease associating the practitioner with the subject matter
• Consider what other steps may be needed, such as informing any known third party users of the inappropriate use of
the practitioner’s name
• Seek legal advice

Auditing, Defined:

Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions
and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the
results to the interested users.”

Two processes of auditing:

a. Investigative process – involves the systematic gathering and evaluation of evidence as a basis for determining whether
assertions made by responsible person correspond with the established criteria
b. Reporting process – involves communicating the audit opinion to interested users

FS audit is an Assurance Engagement:

Financial statements audit engagement is an assurance engagement because it provides a reasonable (high but not absolute)
level of assurance that the subject matter conforms in all material respects with identified suitable criteria. It has the elements
of an assurance engagement as follows:
1. Three Party Relationship:
a. Practitioner: Independent or External auditor
b. Responsible party: Client’s management
c. Intended users: Users of financial statements
2. Subject matter: Assertions/Financial statements of the client company
3. Criteria: Applicable financial reporting framework / GAAP in the Philippines (PFRS)
4. Sufficient appropriate evidence:
Auditor obtains sufficient appropriate audit evidence as a basis for audit conclusion/opinion
5. Written Assurance Report: Independent auditor’s report contains the audit conclusion/opinion

Need for Independent Audit of Financial Statements:

The primary economic reason for an audit of financial statements is the demand by external users for reliable or fairly stated
financial statements that they will use in making economic decisions. Thus, the market for auditing services is driven by demand
by external financial statements users.

An audit can help reduce information risk, that is, the risk that the financial statements that will be used for decision-making are
materially misleading, unreliable or inaccurate.

Four conditions/reasons that gave rise to a demand for independent audit of financial statements:
a. Potential conflict of interest between users and preparers of the financial information can result in biased
information – Client management may not be objective in financial reporting. It may provide impressive but biased,
unrealistic, or misleading financial statements to obtain benefits that it seeks. On the other hand, financial statement users
need unbiased, realistic, or reliable financial statements.
b. Remoteness of users – Users do not have access to entity’s records to personally verify the reliability of the financial
information.
c. Complexity of subject matter requires expertise – Expertise is often required for information preparation and verification.
Users of financial statements are not equipped with the necessary skills, competence, and knowledge of complexities of
accounting and auditing to determine whether the financial statements are reliable.
d. Consequence for decision making – Financial statements are used for important decisions that involve significant amount
of money. If a decision is based on misleading financial information, it could have substantial financial or economic
consequences on decision makers.
Elements of Theoretical Framework of Auditing:

Auditing concepts and standards are based on the following postulates and assumptions which form part of the elements of
theoretical framework of auditing:

1. An audit benefits the public. – the primary beneficiary of reliable financial statements are the wide variety of users
(intended users)
2. Financial data and statements to be audited are verifiable. – if financial statements are not verifiable, there can be no
audit
3. The auditor should always maintain independence with respect to the client whose financial statements are subject
to audit. – audit opinion and the audit report would be of little or no value if auditor is not independent
4. Effective internal control system reduces the possibility of errors and fraud affecting the financial statements. –
Internal control affects the reliability of the financial statements. The stronger the internal control is, the lesser the
possibility of errors and fraud, and consequently, the more reliance on internal control can be placed or assurance that it
can generate reliable accounting data and financial statements.
5. There should be no long-term conflict between the auditor and the client management. – Short-term conflicts may
exist between the management who prepare the data and auditors who examine the data but such conflicts must be resolve
since both must be interested in fairness of the financial statements.
6. Consistent application of GAAP results in fair presentation of FS. – The criterion in financial statement audit is an
identified or applicable financial reporting framework, which is usually the PFRS.
7. What was held true in the past will continue to hold true in the future in the absence of known conditions to the
contrary. – Experience and knowledge accumulated from auditing a client in prior years can be used to determine the
appropriate audit procedures that need to be performed.

Audit of Financial Statements:

Audit of financial statements is the objective examination of financial statements to enable the auditor to express an opinion on
whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting
framework.

Purpose of an Audit of Financial Statements:

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. Such purpose is
achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects,
in accordance with an applicable financial reporting framework.

Overall Objectives of the Independent Auditor:

a. To obtain reasonable assurance about whether the financial statements as a whole are free from material
misstatement, whether due to fraud or error.
b. To report on the financial statements and to communicate such report in accordance with the auditor’s findings.

Audit Opinion and Audit Report: Audit opinion:

• In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions
on which to base that opinion. The auditor’s opinion is on the fairness of the audited financial statements.
• The auditor's opinion helps establish the credibility of the financial statements.

Auditor’s report:
• the primary product of an audit engagement
• the end product of the audit process
• a written report that contains auditor’s opinion about the fairness of the FS
• the medium through which the auditor communicates the results of his or her work

Importance of audit opinion/audit report:

• It lends credibility to the FS.
• It provides increased assurance (reasonable assurance) to users as to the fairness of the FS.

An FS audit is:
• NOT a certification or guarantee as to accuracy or fairness of the FS.
• NOT an assurance as to future viability of the entity.
• NOT an assurance as to efficiency or effectiveness of the client’s business operations.
• NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing
business with it.

Scope of an Audit of Financial Statements:

 • The auditor’s opinion on the financial statements deals with whether the financial statements are prepared, in all
material respects, in accordance with the applicable financial reporting framework.
• The auditor’s opinion or the audit of financial statements is:
• When an applicable law or regulation requires an auditor to provide opinions on other specific matters (such as the
effectiveness of internal control, or the consistency of a separate management report with the financial statements)
the auditor would be required to undertake further work if he had additional responsibilities to provide such opinions.

Financial Statements:
• Financial statements are a structured representation of historical financial information (including related notes which
comprise a summary of significant accounting policies and other explanatory information), intended to communicate
an entity’s economic resources or obligations at a point in time or the changes therein for a period of time in accordance
with a financial reporting framework.
• The term “financial statements” ordinarily refers to a complete set of financial statements, but can also refer to a single
financial statement.

End Products of Audit Engagement:

a. Independent auditor’s report – the primary product of audit engagement
b. Certain other communication and reports – other communication and reporting responsibilities to users, management,
those charged with governance, or parties outside the entity, in relation to matters arising from the audit (as may be
required by the PSAs or by applicable laws or regulations) Examples:
• Communication with those charged with governance
• Auditor’s responsibilities relating to fraud in an audit of financial statements

Management Responsibility for the Financial Statements:

An audit in accordance with PSAs is conducted on the premise that management and, where appropriate, those charged with
governance have acknowledged and understand that they have responsibility over the financial statements.

Management responsibility over the financial statements includes:

1. Responsibility for the preparation and presentation of the financial statements in accordance with the applicable
financial reporting framework which includes:
a. Identification of applicable financial reporting framework, in the context of any relevant laws or regulations
b. Preparing the financial statements in accordance with that framework
c. Adequate description of that framework in the financial statements
d. Making reasonable accounting estimates
e. Selecting and applying appropriate accounting policies
2. Responsibility for designing, implementing and maintaining internal control that is relevant or necessary to enable the
preparation of financial statements that are free from material misstatement, whether due to fraud or error, and
3. Responsibility to provide the auditor with:
a. All information (such as records, documentation and other matters) that are relevant to the preparation and
presentation of the financial statements
b. Any additional information that the auditor may request from management for the purpose of the audit; and
c. Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit
evidence.

Applicable Financial Reporting Framework:

Applicable financial reporting framework means the financial reporting framework adopted by management (and, where
appropriate, those charged with governance) in the preparation of the financial statements that is acceptable in view of the nature
of the entity and the objective of the financial statements, or that is required by law or regulation.

The applicable financial reporting framework often encompasses financial reporting standards established by:
• An authorized or recognized standards setting organization (such as PFRSC)
• Legislative or regulatory requirements

Other sources of applicable financial reporting framework:

• The legal and ethical environment (including statutes, regulations, court decisions, and professional ethical obligations
in relation to accounting matters)
• Published accounting interpretations of varying authority issued by standards setting, professional or regulatory
organizations
• Published views of varying authority on emerging accounting issues issued by standards setting, professional or
regulatory organizations
• General and industry practices widely recognized and prevalent; and
• Accounting literature
Financial reporting frameworks encompass primarily the financial reporting standards established by an organization that is
authorized or recognized to promulgate standards to be used by entities for preparing general purpose financial statements are
often designed to achieve fair presentation, for example, International Financial Reporting Standards (PFRSs).

Basic Distinction between Auditing and Accounting:

• Auditing involves verification of FS and its fairness of presentation while accounting involves preparation and
presentation of FS
• Accounting precedes auditing because without FS there could be no FS audit.
• Auditing begins when accounting ends.
• The end product of the accounting process is a set of FS while the end product of the audit process is an auditor’s report.
• An auditor must be proficient/expert in accounting (since the auditor will use GAAP in evaluating the fairness of the FS)
as well as in auditing (specifically in accumulation and interpretation of audit evidence); an accountant need not be
proficient in auditing
• Separate disciplines: Auditing is a separate discipline or field of study With different frameworks/foundations:
➢ Accounting – Framework for Preparation of FS
➢ Auditing – a) Philippine Framework for Assurance Engagements, and b) Framework of Philippine Standards on
Auditing
• Auditing – governed by GAAS; Accounting – governed by GAAP/PFRS
• Dissimilar bodies of knowledge (accounting – GAAP; auditing – GAAS)

Requirements Relating to an Audit of Financial Statements:

1. Relevant ethical requirements – The auditor shall comply with relevant ethical requirements, including those pertaining
to independence, relating to financial statement audit engagements.

Relevant ethical requirements ordinarily comprise:

a. Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics) promulgated by the
Board of Accountancy
b. National requirements that are more restrictive
c. Philippine Standard on Quality Control (PSQC) and Philippine Standard on Quality Management
(PSQM) – require the CPA firm to establish and maintain its system of quality control designed to provide it
with reasonable assurance that the firm and its personnel comply with relevant ethical requirements,
including those pertaining to independence
2. Professional skepticism – The auditor shall plan and perform an audit with professional skepticism recognizing that
circumstances may exist that cause the financial statements to be materially misstated.

Professional skepticism is an attitude that includes a questioning mind, a critical assessment of validity of audit
evidence, and being alert to conditions which may indicate possible misstatement due to error or fraud.

Professional skepticism is necessary to the critical assessment of audit evidence.

This includes:
a. Questioning contradictory audit evidence
b. Considering the reliability of documents and responses to inquiries and other information obtained from
management and those charged with governance
c. Considering the sufficiency and appropriateness of audit evidence obtained in the light of the circumstances
(for example, in the case where fraud risk factors exist and a single document, of a nature that is susceptible
to fraud, is the sole supporting evidence for a material financial statement amount)

3. Professional judgement – The auditor shall exercise professional judgment in planning and performing an audit of
financial statements.

Professional judgment is essential to the proper conduct of an audit. This is because interpretation of relevant ethical
requirements and the PSAs and the informed decisions required throughout the audit cannot be made without the
application of relevant knowledge and experience to the facts and circumstances.

4. Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable assurance, the auditor shall
obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the
auditor to draw reasonable conclusions on which to base the auditor’s opinion.

a. Sufficiency and appropriateness of audit evidence

Audit evidence includes information used by the auditor in arriving at the conclusions on which the auditor’s
opinion is based. Audit evidence includes both:
Information contained in the accounting records underlying the financial statements and Other information
Sufficiency is the measure of the quantity of audit evidence. Sufficiency is influenced or affected by:
 (1) The auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence
is likely to be required) and
(2) The quality of such audit evidence (the higher the quality, the less may be required)

Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing
support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its
source and by its nature and is dependent on the individual circumstances under which it is obtained.

Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level,
and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter
of professional judgment.

5. The auditor shall conduct an audit in accordance with PSAs

• PSAs contain basic audit principles and essential procedures together with related guidance in the form of
explanatory and other material which the auditor should follow

An audit in accordance with PSAs includes:

a. Compliance with PSAs relevant to the audit
1) Compliance with all PSAs relevant to the audit (a PSA is relevant to the audit when the PSA is in effect and
the circumstances addressed by the PSA exist)
2) Understanding the entire text of a PSA (including its application and other explanatory material) to understand
its objectives and to apply its requirements properly
3) Prohibition from the auditor from representing compliance with PSAs in the auditor’s report when he has not
complied with the requirements of PSAs relevant to the audit
b. The use of the objectives stated in relevant PSAs in planning and performing the audit to achieve the overall
objectives of the auditor.
in using the objectives, the auditor is required to have regard to the interrelationships among the PSAs. This is
because the PSAs deal in some cases with general responsibilities and in others with the application of those
responsibilities to specific topics.
c. In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs). PAPSs provide
interpretative guidance and practical assistance to auditors in implementing the PSAs and to promote good
practice in the accountancy profession.

Contents/Structure of the PSAs

a. Objectives – each PSA contains one or more objectives which provide a link between the requirements and the overall
objectives of the auditor
The objectives in individual PSAs serve to focus the auditor on the desired outcome of the PSA.
b. Requirements (requirements are expressed in the PSAs using “shall”) – the requirements of the PSAs are designed to
enable the auditor to achieve the objectives specified in the PSAs, and thereby the overall objectives of the auditor
c. Related guidance in the form of application and other explanatory material that are designed to support the auditor in
obtaining reasonable assurance

Application and other explanatory material:

• It provides further explanation of the requirements of a PSA and guidance for carrying them out It may explain
more precisely what a requirement means or is intended to cover
• It may include examples of procedures that may be appropriate in the circumstances.
• While such guidance does not in itself impose a requirement, it is relevant to the proper application of the
requirements of an PSA.
• It may also provide background information on matters addressed in a PSA.
• It may include appendices which form part of the application and other explanatory material.
• When appropriate, it may include additional considerations specific to audits of smaller entities and public sector
entities.

PSAs may also contain:

• Introductory material – provides context relevant to a proper understanding of the PSA Introductory material may
include, as needed, such matters as explanation of:
a. The purpose and scope of the PSA (including how the PSA relates to other PSAs)
b. The subject matter of the PSA
c. The respective responsibilities of the auditor and others in relation to the subject matter of the
PSA
d. The context in which the PSA is set

Definitions – a description of the meanings attributed to certain terms for purposes of the PSAs
Assist in the consistent application and interpretation of the PSAs
Not intended to override definitions that may be established for other purposes, whether in law, regulation or otherwise
 Departure from a relevant requirement in a PSA:
In exceptional circumstances wherein the auditor may judge it necessary to depart from a relevant requirement in a
PSA, the auditor shall perform alternative audit procedures to achieve the aim of that requirement.

The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific
procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving
the aim of the requirement

The PSAs do not call for compliance with a requirement that is not relevant in the circumstances of the audit.

General Principles of Financial Statement Audit

1. The auditor should plan and perform the audit with an attitude of professional skepticism recognizing that
circumstances may exist that may cause the FS to be materially misstated.

Because of the possibility that the FS may be materially misstated, the auditor should conduct the audit with an attitude
of professional skepticism. For example, the auditor would ordinarily expect to find evidence to support management
representations and not assume they are necessarily correct.

Attitude of professional skepticism: means the practitioner makes a critical assessment, with a questioning mind, of
the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of
documents or representations by the responsible party. In planning and performing the audit, the auditor neither
assumes that the management is honest nor assumes unquestioned honesty.

Limitations of Financial Statements Audit: (Reasons why absolute assurance in auditing is not attainable or why reducing audit
risk to zero is not attainable)

Absolute assurance in auditing is not attainable because of inherent limitations in an audit that affect the auditor’s ability to detect
material misstatements. These limitations result from factors such as:

1. Need for auditor’s judgment

The auditor’s work requires exercise of professional judgment such in the following matters:
• Identifying and addressing risk factors
• Deciding what evidence to gather
• Making decisions about materiality and audit risk
• Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent of audit procedures)
• Evaluating management’s judgments in applying the entity’s applicable financial reporting framework.
• Assessing the sufficiency and appropriateness of audit evidence
• Drawing of conclusions based on the evidence gathered
• Forming an opinion (the phrase “in our opinion” in the auditor’s report is intended to inform that auditors based their
conclusions on professional judgment)

2. Use of testing / sampling risk – An audit is conducted on a test basis or by examining only sample of less than 100%
of a population. This may introduce some risk that a misstatement will not be detected.

3. Reliance on management representation – Some audit evidence must be obtained by obtaining oral or written
representations from management because many FS assertions cannot be audited.

4. Inherent limitations of accounting and internal control – Although the auditor performs audit procedures to detect
material misstatements, such procedures may not be effective in detecting misstatements resulting from the possibility
of:
• management override of controls
• circumvention of internal control
• collusion among employees

5. Nature of audit evidence available – This is the fact that most of the evidence available to the auditor is persuasive,
rather than conclusive, in nature.

6. Undetected fraud – Fraud is specifically designed not to be detected. Thus, there is always the possibility that fraud
will not be detected.

7. Availability of audit evidence – Insufficient support may be available for drawing absolute conclusions on specific
assertions such as fair value estimates.
 8. Other limitations may affect the persuasiveness of audit evidence available to draw conclusions on particular
assertions (for example, transactions between related parties).

Not a limitation of audit: Physical limitations of auditors due to fatigue and stress.

Concept of Materiality and Audit Risk

1. Materiality: the magnitude of misstatement or omission; the ability to influence the economic decision of reasonable
FS user
The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the FS are fair or are
presented fairly, in all material respects , in accordance with the applicable financial reporting framework.
When is a misstatement or omission material? It is material if it could influence the economic decision of FS users. If
it is probable that the judgment of a reasonable person would have been changed or influenced by the omission or
misstatement of information, then that information is material.
Meaning of the term "present fairly, in all material respects": The auditor considers only those matters that are
significant to the FS users; the phrase refers to the auditors expression of opinion
2. Audit Risk: the risk that audit opinion is inappropriate
• specifically, it is the risk that the auditor expresses an inappropriate (unqualified) audit opinion when the FS are
materially misstated
• concept of reasonable assurance acknowledges the existence of audit risk

General Types of Audit:

1. According to objectives or nature of assertion
a. Financial statement audit – an audit conducted to determine whether the financial statements of an entity are
fairly presented in accordance with an identified financial reporting framework (or PFRS)
b. Compliance audit: a review of an entity’s degree of compliance with applicable laws and rules/regulations or
contracts; usually performed by government auditors Examples: Examination conducted by:
i) BIR examiners: compliance of taxpayers with tax law, rules or regulations
ii) BSP examiners: compliance of banks with banking laws, rules or regulations iii) COA auditors: compliance
of government transactions/expenditures with the requirements of applicable laws, rules or regulations
c. Operational audit involves a systematic review and evaluation of the specific operating units (or procedures,
methods or activities) of an organization in relation to specified objectives for the purpose of measuring/assessing
its performance in terms of efficiency and effectiveness of operations, identifying opportunities for improvement
and making recommendations to improve performance (such as introduction of controls to reduce waste).
• Also called performance audit or management audit
• Example: Evaluation of a company’s computerized accounting system
• Usually performed by internal auditors
• Efficiency relates to use of its resources, while effectiveness relates to accomplishing objectives.
Internal auditor's responsibilities in operational audits:
In operational audits, the company's management is responsible for setting operating standards. The internal
auditor's responsibilities are to determine that:
a. Management has established such standards.
b. The standards are being met.
c. Deviations from established standards are being identified and corrected.
d. Corrective action has been taken.
Objective of operational auditing:
a. To assess performance in terms of efficiency and effectiveness of operations
(1) Effectiveness – To verify fulfillments of plans and sound business requirements
(2) Efficiency – To determine whether the entity is managing or utilizing its resources economically and
efficiently
b. To identify areas for improvement
c. To develop recommendations to improve performance (example of such as introduction of controls to reduce
waste)
Operational audit includes:
• Program or effectiveness audit: an audit to determine whether the entity has been effective in achieving the
desired results or benefits of the program or activity
• Economy audit: an audit to determine whether company objectives or goals are met at a cost commensurate
with the task
• Efficiency audit: whether company objectives or goals are met at the least or minimal costs
Major differences between financial and operational auditing:
• The financial audit is oriented to the past whereas an operational audit concerns performance for the future.
• The financial audit report is distributed to many readers whereas the operational audit report goes to a few
managers.
• Financial audits are limited to matters that directly affect the financial statements whereas operational audits
cover any aspect of efficiency and effectiveness.
2. According to types of auditor or their affiliation with the entity being examined:
 a. External / Independent audit: performed by practitioners or independent CPAs who offer their professional
services for a fee to various clients on a contractual basis
• Independent or external auditors are not employees of the client External audit complements internal audit
b. Internal audit: audit performed by entity’s own employees known as internal auditors; internal auditors
investigate and apprise the effectiveness and efficiency of operations and internal controls of the firm
c. Government auditing: audit performed by government employees whose main concern is to determine whether
persons or entities comply with government laws, rules and regulations
Scope of government audit: may extend beyond FS audit to include: i) FS audit
ii) Performance audit (includes (a) program results (effectiveness) audit and (b) economy and efficiency audit)
iii) Compliance audit

Types of Auditors:
1. Independent auditors or external auditors – are CPA firms and individual practitioners who perform audit services on
contractual basis for more than one client
• Independent auditor – because the auditor is independent with respect to the client whose FS are being audited;
External auditor – the auditor is an outsider (not an employee of the client)
• Practitioners perform operational audits and compliance audits as part of consultancy services
2. Internal auditors – they are employed by the entity thus they are not independent. However, to operate effectively, an
internal auditor must be independent of the line functions of the entity. Internal auditors perform operational and
compliance audits.
3. Government auditors – employed in government agencies
• BIR examiners perform compliance audits
• BSP examiners perform compliance and operational audits
• COA auditors perform compliance and operational audits
The relationship between an external auditor and an internal auditor is that both of them use basically an identical approach;
however, there are differences in the application of auditing techniques.
Audit Committee
The audit committee is composed of outside directors who are independent of management. The primary purpose is to
assure that the directors are exercising due care and external and internal auditors are independent of management.
The following are some of the audit committee's functions:
• Select the external auditors.
• Review the external auditor's overall audit plan.
• Evaluate the results of external and internal audits.
• Review the internal auditing work schedule, budget, etc.
• Meet regularly with the internal auditing director.
• The above functions should increase public confidence on the fair presentation of the company's financial statements.
Acceptability of the Financial Reporting Framework
The auditor should determine whether the financial reporting framework adopted by management in preparing the FS is
acceptable. An acceptable financial reporting framework is what is referred to as the “applicable financial reporting
framework.” The auditor determines whether the financial reporting framework adopted by management is acceptable in view of
the nature of the entity (for example, whether it is a business enterprise, a public sector entity or a not for profit organization) and
the objective of the FS.
In FS audit, financial reporting frameworks that are acceptable as valid criteria include:
1. Philippine Financial Reporting Standards (PFRSs)
2. Philippine Accounting Standards (PASs)
3. International Accounting Standards (IASs)
4. Other authoritative basis
Financial statements need to be prepared in accordance with one, or a combination of the above-cited financial reporting
framework.
Distinction: Types of audit according to objectives or nature of assertion/data
Point of distinction FS Audit Compliance audit Operational audit

Primary objective To enable the auditor to express an opinion To determine degree of To assess entity’s
on the fairness of the FS compliance performance (in terms of
efficiency and effectiveness)
Subject matter Assertion that the FS are presented in Assertion that the Assertion that the
(Assertion) accordance with organization has organization’s
identified financial reporting complied with laws, activities/operations are
framework (GAAP) regulations and specific conducted effectively and
procedures efficiently in relation to
specified objectives
Established criteria GAAP – Identified financial reporting Applicable laws, Objectives (as set by the
framework (as by standard setting bodies) regulations and specific board of directors)
procedures (as set by
authoritative bodies)
Sufficient appropriate Audit findings whether the FS are in Findings on degree of Findings on assessment of
evidence / outcome accordance with Identified compliance performance / operations
financial reporting framework (GAAP)
Communication of Auditor’s report containing an Reports on the Recommendations or
Results to intended opinion whether the FS are fairly presented degree of compliance suggestions on how to
users in accordance with with applicable laws, improve operations
identified financial reporting regulations or specific
framework (GAAP) procedures
Users of audit report Different groups for different purposes; wide Authoritative bodies that Management of the entity
variety of users (both internal and external sets down the
users) regulations, rules and
procedures
Type of auditor Independent / external auditors – Government auditors Internal auditors
performing the audit practitioners